Introduction
Forcepoint ONE SSE Cloud SWG solution enables web traffic filtering when a SmartEdge agent cannot be deployed on the end user's machine, such as for Guest users or IoT devices or when the organization does not want to deploy an agent.
GRE Overview
Generic Routing Encapsulation (GRE) is a tunneling protocol used to encapsulate and route data via a virtual point-to-point connection.
Throughput
For Forcepoint ONE SSE Cloud SWG, Forcepoint allocates 0.1 megabits per second (Mbps) per licensed user per virtual datacenter.
Audience
Defines the audience of this document.
Configurations in Forcepoint ONE SSE
This section details the configurations required to setup GRE tunnel in Forcepoint ONE SSE.
Creating Sites
A Site represents a corporate location from which traffic will originate. While creating a Site, you need to configure GRE tunnel through which traffic should be sent over to cloud and create or add subnets groups within the site.
Viewing Tunnels
After creating tunnels, you can monitor the status of each tunnel under Analyze > Tunnels page.
Configurations on edge device
This section details the configurations you need to carry on Juniper SRX device using the details from the Analyze > Tunnels page in Forcepoint ONE SSE.
Abbreviations for configuration parameters
Abbreviations are used for configuration parameters in the configuration examples. Replace the abbreviations with the appropriate addresses and values for your configuration.
Configurations on Juniper SRX
Describes how to configure GRE tunnels on Juniper SRX device.
Useful show commands
Show commands display information such as connection and operation statistics.
Example GRE configuration for Juniper SRX
This topic provides example GRE configurations that needs to done on Juniper SRX to route http and https traffic to Forcepoint ONE SSE via GRE tunnels.
Troubleshooting
The following table lists some problems that may be encountered in configuring and establishing your tunnel, with some suggested actions.
Verifying high availability failover
For each site you add, it is important to ensure that the High Availability (HA) failover capability is provisioned and configured correctly such that failover happens successfully when required.